Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
105eeed08455f033414ef883eba83dfd87dc77653cf82b7c3f61dd960699e5f7
-
Size
213KB
-
Sample
221218-nmjldabg57
-
MD5
1e5c136cf7bc0f4b811f6b9beb451291
-
SHA1
256c01c08a75588eae5457608716928f7a7d4550
-
SHA256
105eeed08455f033414ef883eba83dfd87dc77653cf82b7c3f61dd960699e5f7
-
SHA512
1ae260ecb9bf0da55590bc838b8837cc1c7d7cfeed3aeb94ec902fe612db3c54f89a3a97322a0a3421786374ea47cf04a4c7bf2fdac394bd6b24c85dd3ef43e6
-
SSDEEP
3072:fIBKtfL/vJRSAMzYRjQXjMApzkpVpKXC+g3uuq3HOil3lk025PH:gBefLHqhz80IApIIXCP+uq3jlVklPH
Malware Config
Extracted
danabot
23.236.181.126:443
123.253.35.251:443
66.85.173.3:443
-
embedded_hash
8F56CD73F6B5CD5D7B17B0BA61E70A82
-
type
loader
Targets
-
-
Target
105eeed08455f033414ef883eba83dfd87dc77653cf82b7c3f61dd960699e5f7
-
Size
213KB
-
MD5
1e5c136cf7bc0f4b811f6b9beb451291
-
SHA1
256c01c08a75588eae5457608716928f7a7d4550
-
SHA256
105eeed08455f033414ef883eba83dfd87dc77653cf82b7c3f61dd960699e5f7
-
SHA512
1ae260ecb9bf0da55590bc838b8837cc1c7d7cfeed3aeb94ec902fe612db3c54f89a3a97322a0a3421786374ea47cf04a4c7bf2fdac394bd6b24c85dd3ef43e6
-
SSDEEP
3072:fIBKtfL/vJRSAMzYRjQXjMApzkpVpKXC+g3uuq3HOil3lk025PH:gBefLHqhz80IApIIXCP+uq3jlVklPH
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Detects Smokeloader packer
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-